Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Load a group member from a data source, and then forget it in N days

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Load a group member from a data source, and then forget it in N days


Chronological Thread 
  • From: Jeffrey Eaton <>
  • To: "Waldbieser, Carl" <>
  • Cc: "Hyzer, Chris" <>, Gouper Users List <>
  • Subject: Re: [grouper-users] Load a group member from a data source, and then forget it in N days
  • Date: Thu, 4 Aug 2016 15:22:59 +0000
  • Accept-language: en-US

I'm not actually sure.  I think that I got that from https://spaces.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Forever+membership when I was trying to come up with the right magic to do this.

-jeaton

On Aug 4, 2016, at 11:10 AM, Waldbieser, Carl <> wrote:

Jeffrey,

That is helpful.
What does the "ruleRunDaemonName" flag do?  I don't think I have ever used that.

Thanks,
Carl

----- Original Message -----
From: "Jeffrey Eaton" <>
To: "waldbiec" <>
Cc: "Hyzer, Chris" <>, "Gouper Users List" <>
Sent: Thursday, August 4, 2016 10:10:42 AM
Subject: Re: [grouper-users] Load a group member from a data source, and then forget it in N days

We do something similar (in reverse - when you are removed from one group, you are added to another group for N days).  I believe this was how I created the rules:


// Rule 3: on the "recent" group...
recentGroup = GroupFinder.findByName(grouperSession, "Apps:Provisioning:auto:Active-Faculty-Recent");
AttributeAssign attributeAssignRecent2 = recentGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

attributeAssignRecent2.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssignRecent2.getAttributeValueDelegate().assignValue(RuleUtils.ruleRunDaemonName(), "F");
attributeAssignRecent2.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");

// Rule 3: Fires when a member is removed from the corresponding loader-managed group
attributeAssignRecent2.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(), "Apps:Provisioning:auto:Active-Faculty");
attributeAssignRecent2.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipRemove.name());

// Then add member to the "recent" group
attributeAssignRecent2.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.addMemberToOwnerGroup.name());



// Rule 3a: set expiration on the membership of the recent group
AttributeAssign attributeAssignRecentExpiration  = recentGroup.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();

// Act as GrouperSystem
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), "g:isa");
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleRunDaemonName(), "F");
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleActAsSubjectIdName(), "GrouperSystem");

// Fire the rule when a membership is added to the "recent" group
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(), "Apps:Provisioning:auto:Active-Faculty-Recent");
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckTypeName(),RuleCheckType.membershipAdd.name());

// Then set an expiration of 30 days (change the number of days as needed)
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumArg0Name(), "30");
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumArg1Name(), "T");
attributeAssignRecentExpiration.getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name());




On Aug 4, 2016, at 9:55 AM, Waldbieser, Carl <<>> wrote:

Chris,

In concept I understand what you're saying.  But I have no idea how to use the rule API to actually achieve that.

I imagine I'd want the "overall" group to have the same kind of setup as some other rules I've seen-- act as the Grouper root user, check that there is a membership add.  But after that I am stuck on the action to take.

  actAs = SubjectFinder.findRootSubject()
  group = getGroup(session, "overall")
  attribAssign = group.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign()
  attribValueDelegate = attribAssign.getAttributeValueDelegate()
  attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId())
  attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId())
  attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name())
  # Not sure what goes next?
  # How to say "add the same subject to group, 'some:path:target_group'"?

Thanks,
Carl

----- Original Message -----
From: "Hyzer, Chris" <<>>
To: "waldbiec" <<>>, "Gouper Users List" <<>>
Sent: Wednesday, August 3, 2016 9:05:29 AM
Subject: RE: Load a group member from a data source, and then forget it in N days

I would try to have a group which is loaded.  This will always be in sync with the external source.  Have a shadow group which would be your “overall” group.  Put a rule on the loaded group that if a user is added, add them to the shadow group with an expire date.   Make sure the daemon is set to false.  If you cant do both of those in one rule, then have a rule that adds the user to the other group (daemon off), and a rule on the overall group which says when a user is added set a 30 day delete date (daemon false). Ok?  Let me know if you have issues and I can try it out.

Thanks
Chris

From: Waldbieser, Carl []
Sent: Wednesday, August 03, 2016 7:03 AM
To: Hyzer, Chris <<>>; Gouper Users List <<>>
Subject: RE: Load a group member from a data source, and then forget it in N days

Chris,

Yes.  It remains in the source.

Thanks,
Carl





Sent from my Samsung Captivate Glide on AT&T

"Hyzer, Chris" <<><>> wrote:

After the subject expires, is it still in the source?

-----Original Message-----
From: <><> [] On Behalf Of Waldbieser, Carl
Sent: Tuesday, August 02, 2016 3:36 PM
To: Gouper Users List <<><>>
Subject: [grouper-users] Load a group member from a data source, and then forget it in N days


I have a data source that I want to use to populate a group membership.
The trick is, once a subject is added to the target group in Grouper, I want that membership to expire in 30 days, and I don't want the Grouper loader to re-load the subject after that time.

Is it possible to achieve this with some kind of rule?

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College




Archive powered by MHonArc 2.6.19.

Top of Page